Source: Xinhuanet

01-14-2009 15:57

BEIJING, Jan. 14 (Xinhuanet) -- Microsoft issued just one update for its January security bulletin release, fixing Windows glitches that could allow hackers to launch malicious code or a denial-of-service attack on users' computers as media reports said Wednesday.

The critical security update -- the only one issued for Microsoft's regularly scheduled "Patch Tuesday" release -- addresses three vulnerabilities found in the Microsoft Server Message Block (SMB) Protocol, which allows file information to be sent to printers and domain controllers.

The error affects all versions of Windows, including Windows 2000, XP, Vista, Server 2003 and Server 2008. Microsoft gave the vulnerability the highest severity ranking of "critical," due to the fact that the SMB Protocol is turned on by default in the earlier versions of Windows. The glitch was given a "moderate" ranking for Vista and Server 2008 because the SMB Protocol was turned off by default. However, it could be reopened in corporate networks.

A successful exploit would potentially enable attackers to execute remote code that would allow them to infiltrate users' PCs through open SMB ports, where they could install malicious programs, access sensitive and financial data, or launch a DoS attack.

So far, there are no active attacks that exploit the flaw.

 

Editor:Zhao Yanchen